Realistic Mission 9


ghost's Avatar
0 0

Ok… this challenge is really pissing me off!! I tried to SQL inject on the username and password boxes and to SQL inject on the URL bar… So I always used * ** ==– to make a SQL injection… Though this message always appears:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/hbh/public_html/challenges/real9/admin.php on line 139
Sorry, this login is invalid.

I don't understand.. what the hell am I supposed to do then?!


ghost's Avatar
0 0

I hope you used one = sign


ghost's Avatar
0 0

OMG LOL ahahah indeed I typed in the = sign twice :D Well that's it, completed the challenge in 30 seconds when I typed in the correct injection xD


ghost's Avatar
0 0

How brill am I for spotting and commenting :happy: B)


ghost's Avatar
0 0

well you just basically told him the answer but ok


ghost's Avatar
0 0

Why am I slightly pleased to see willeH back …


synstealth's Avatar
PHP WARRIOR
2,490 1

I don't get it..

I have tried the basic injection on basic16 and it works, then I used the same one on realistic 9 but it says invalid login/pass until I modified the injection using UNION; I got a message saying I'm on the right track but to stick to the mission..

I tried like 1000 injections. Nothing works. I don't get it.. it must have one specific injection syntax. Can anyone help me??

I could list all injections but it would be a spoiler…


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

It's still the simplest of injections man, it's just not using numbers any longer.


synstealth's Avatar
PHP WARRIOR
2,490 1

I got it now.. it was real simple. I replaced only one character with another character - bingo I got in and got the key..

However, I tried to decrypt using the western ISO charset. It is still a little garbled, or it's supposed to be that way

I sent it using the link to send it - after I posted. It does nothing. No message or anything…


ZyrgEr's Avatar
Member
0 0

I can't figure this out… I have tried about everything between the most simple injections to xp_cmdshell-stuff and none of them work :(

Just to make this clear: I have to log in to the admin panel? As whitie or somebody else?


rex_mundi's Avatar
☆ Lucifer ☆
3,110 12

Think simple, also you'll need to use the injection in both username and password fields.